The long path to security

Security is the safeguarding of resources for appropriate use.
Computers and worldwide networking have added vast, new dimensions to this
age-old responsibility. This article will cover general security concepts.

What are we securing?

The computer resources to be secured are information, services,
and equipment. More to the point, the qualities of these resources that
we seek to secure are privacy, integrity, authenticity, and
availability. Attacks, errors, and malfunctions
threaten these qualities.

Privacy provides that a resource can only be used by appropriate persons. For
email, privacy may mean that only the sender and the intended recipients can
read a message. For an email group, it may mean that only registered members of
the list may participate. For a departmental server, privacy may mean that only
the intended user can access an account, and that accounts are limited to bona
fide departmental users.

Integrity provides that a resource is intact and has not been modified, damaged, or
lost. Specifically, the content is delivered as originally recorded and has not
been unintentionally or maliciously modified. Services and equipment should not
have been modified for some other purpose, such as to undermine privacy or
authenticity.

Authenticity provides that a resource is correctly identified. For email and
documents, this might require electronic signatures to prove that the content
originated from a specific person or source. For web servers, this could mean
authentication of the server, as with server identification certificates.

Availability provides that a resource is accessible and usable as intended and when
needed.

What compromises security?

In the real world, various problems beset the qualities that we desire for
our resources.

Attacks are intentional acts to subvert privacy, undermine integrity,
fake or deny authenticity, steal resources, or simply deny use. This reflects
the dark side of human nature.

Malfunctions are glitches, bugs, breakdowns, natural disasters, and
the like. They are Nature's way of letting us know we can't control
everything.

How do we ensure security?

The three main areas of security activity are prevention, detection,
and recovery. Activity must be balanced among all three areas to be
effective.

Prevention is the main defense. Alas, there is no panacea, no wall
high enough, no moat deep enough. Your defenses may be finagled, end-run, or
overcome by brute force. You will study and apply defenses step by step, based
on your resources and analysis of risk, for all eternity.

Detection is the essential partner of defense. No defense is perfect,
even for a limited purpose. Your best hope is to stop damage as soon as possible
and design new defenses based on the new knowledge.

Look for trouble! It is coming!

Recovery is the last defense. Once prevention has failed, preplanned
and tested recovery methods are needed. Backups, spare parts and equipment, and
a written plan are good starting places. Of course, some losses, such as
privacy, cannot be restored.

Risk analysis

We achieve security by deploying policies, procedures, and technologies to
defend the qualities of our resources from various threats. The threats and
defenses are so varied that we must analyze and prioritize our responses.

The main steps in using risk analysis to develop a security plan and a
security policy are:

1. Identify the qualities and resources to be protected.

2. Analyze the threats.

3. Estimate the cost of loss (time and money).

4. Analyze available countermeasures.

5. Select and prioritize countermeasure deployment.

6. Analyze effectiveness and restart at (1).

The choices you identify above are included in your security policy. The
prioritized steps become your security plan.
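As an added example (not from the original article), here is a small Python worksheet that walks the six steps with constructed figures for a departmental server. The scoring rule is an assumption, since the article gives no formula: annual expected loss is likelihood times cost, and a countermeasure's net benefit is the loss it avoids minus what it costs.

```python
from __future__ import annotations
from dataclasses import dataclass, field

@dataclass
class Threat:
    resource: str        # step 1: the resource being protected
    quality: str         # step 1: privacy, integrity, authenticity or availability
    name: str            # step 2: the threat to that quality
    likelihood: float    # assumed probability of the loss occurring in a year
    loss: float          # step 3: cost of one loss, time and money, in dollars

    def expected_loss(self) -> float:
        """Annual expected loss: likelihood times cost (assumed scoring rule)."""
        return self.likelihood * self.loss

@dataclass
class Countermeasure:
    name: str
    cost: float          # annual cost to deploy and run
    # threat name -> fraction of that threat's expected loss removed
    reduces: dict[str, float] = field(default_factory=dict)

def net_benefit(cm: Countermeasure, threats: list[Threat]) -> float:
    """Step 4: expected loss avoided per year minus the countermeasure's cost."""
    avoided = sum(t.expected_loss() * cm.reduces.get(t.name, 0.0) for t in threats)
    return avoided - cm.cost

def prioritize(threats: list[Threat], countermeasures: list[Countermeasure]) -> list[str]:
    """Step 5: countermeasures that pay for themselves, best net benefit first."""
    worthwhile = [cm for cm in countermeasures if net_benefit(cm, threats) > 0]
    worthwhile.sort(key=lambda cm: net_benefit(cm, threats), reverse=True)
    return [cm.name for cm in worthwhile]

def residual_loss(threats: list[Threat], deployed: list[Countermeasure]) -> float:
    """Step 6: expected loss left once the chosen countermeasures are in place.
    Reductions against the same threat are assumed to compound multiplicatively."""
    total = 0.0
    for t in threats:
        remaining = 1.0
        for cm in deployed:
            remaining *= 1.0 - cm.reduces.get(t.name, 0.0)
        total += t.expected_loss() * remaining
    return total

# Constructed sample worksheet; all figures are invented for illustration.
THREATS = [
    Threat("server accounts", "privacy", "password guessing", 0.5, 20000),
    Threat("server disk", "availability", "disk failure", 0.2, 50000),
    Threat("email", "authenticity", "forged email", 0.1, 5000),
]
COUNTERMEASURES = [
    Countermeasure("nightly backups", 2000, {"disk failure": 0.75}),
    Countermeasure("password quality checks", 1000, {"password guessing": 0.5}),
    Countermeasure("signed email", 3000, {"forged email": 0.5}),
]
```

Running `prioritize(THREATS, COUNTERMEASURES)` keeps backups and password checks and drops signed email, whose avoided loss does not cover its cost; `residual_loss` on the chosen pair shows the expected loss falling from 20500 to 8000 per year, the figure step 6 feeds back into the next round.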

On a network, constructive paranoia is healthy!

Berkeley Computing & Communications, Volume 9, Number 3 (Summer 1999).
Copyright 1999, The Regents of the University of California